With GDPR now in effect, we wanted to help you understand what these new regulations are and how they could affect you.
GDPR Overview
What is GDPR?
GDPR stands for General Data Protection Regulation. It builds upon the existing European Union (EU) data protection rules but has a broader set of requirements, more specific standards, and carries penalties for non-compliance. It was put in place to give EU citizens more control over their personal data. To that end, it regulates how people and organizations can obtain, use, store, and remove personal data of EU citizens.
Who is affected by GDPR?
GDPR affects any organization operating with the EU as well as organizations operating outside the EU which offer goods and services to customers or businesses with the EU. This means that any global company is affected by GDPR.
GDPR Background
Does every company have to be GDPR compliant?
It is any company’s choice whether they want to operate in a GDPR compliant way. Companies that operate in the EU or that have EU customers, however, risk very high fines if they are noncompliant (up to the higher of 20 Million Euros or 4% of the annual turnover of the company’s group turnover). If you only operate outside of the EU and have no EU customers then you do not have to be GDPR compliant (but if you want to voluntarily adhere to a higher privacy standard you can still choose that we implement GDPR compliant processes for you).
What’s personally identifiable information (PII)?
PII is any information relating to an identified or identifiable individual, which could mean any information that could be used either on it’s own or in conjunction with other data, to identify an individual. Social Native currently collects media that contains PII such as people in the media, usernames, location, and comments.
How does PII collection change with GDPR?
Because GDPR places a greater emphasis on users providing a higher level of explicit consent before collecting information that can be used to identify a user, companies need to ensure that users know that they have collected PII and make them aware of how it could be used.
If you’re using Social Native's Earned Content solution, you still ask users whose content you would like to use for rights, but your terms of service should include language regarding PII processing. You only to view PII associated with collected once explicit rights have been granted.
When did GDPR go into effect?
GDPR went into effect on May 25, 2018.